WordPress SEO, more secure than ever before.

One of the benefits of making money on paid plugins is that you can more easily spend money to have other people look at and, even better, review your plugins. Today is the first result of what might become a somewhat longer tradition: WordPress SEO is now a Sucuri Safe Plugin.

What does this mean? It means I’ve asked Sucuri to do a full security review of my WordPress SEO plugin. They found a couple of small issues, all of which I’ve addressed in the 1.3 release I put out earlier today.

So while 1.3 might not be a major release in terms of functionality, it is the result of quite a bit of work. If you check this commit, you’ll see a ton of little changes have gone into the plugin. Most of them are really minor, but all combined, they make for a better and, more importantly, safer plugin.

I plan to do more updates to my biggest plugins to fix things like this. It’s great to be able to do that because of a, now thriving, paid plugin business. So thank you, to those of you who bought a premium plugin, you are helping us give you a better product!


25 Responses to WordPress SEO, more secure than ever before.

  1. Aaron Emerson
    By Aaron Emerson on 7 January, 2013

    You are to be commended for your hard work and dedication on this process. I’ve recently run into a robots.txt problem. While I don’t see one in my directory, one does show up when browsing for it in a browser. Do you recommend creating your own editable robots.txt that can be edited through WPSEO, or just using the virtual robots.txt?

    Thanks again and Happy New Year.

  2. Elena
    By Elena on 4 January, 2013

    Thank you for this fantastic plugin. It does just about everything I want it to do and much more. When I first saw it, I couldn’t believe it’s free. I used to pay $300 per year for a package of outdated tools to one company I don’t want to name here for three years, then moved to WordPress, installed your plugin et voila! I don’t know why I waited for so long! Best wishes!

  3. ccjk
    By ccjk on 3 January, 2013

    Thanks very much Joost.
    Your plugin is very useful for me, and I learn more knowledge from your website.
    Best Regards!

  4. Kiran
    By Kiran on 28 December, 2012

    How to buy your premium WordPress SEO plugin? Do you currently have special extensions for your plugin?

  5. Mark
    By Mark on 20 December, 2012

    Hey Joost

    I too love WordPress SEO plugin. Actually I would pay for it, as it is that good.

    Although this ’may’ not be a popular suggestion – but how about a paid for version with some extra awesomeness built in? Having so many people as users of this, there may be some/enough that would also pay for a premium version if it packed even more punch (if that’s possible) ;o). I guess even a small charge could muster up a pretty large resource of funds to go into further ’premium’ development work?

  6. Naziman Azlye
    By Naziman Azlye on 17 December, 2012

    I like your plugin. Right now, no major issue with your plugin. Thanks Joost.

  7. Youssef B
    By Youssef B on 13 December, 2012

    Thank you very much Joost.

  8. TJ Greene
    By TJ Greene on 12 December, 2012

    Hey Joost,

    I’ve been meaning to send you a thank you for creating such a great plugin and this post has given me the perfect opportunity. So, THANK YOU! It truly is one of the first plugins I install on all new sites, and recommend others install on theirs. And, now that you’ve gone the extra, extra mile having it tested by Sucuri, all the more reason to use and recommend it.

    BTW, I just installed the latest update and it went without a hitch.

    I will definitely be using your video SEO plugin, too. I am currently in the process of editing a bunch of videos for a new site and look forward to seeing Video SEO work its magic!

    Best Regards,
    TJ Greene

  9. Zaman
    By Zaman on 10 December, 2012

    Hello Joost, I have also sent you an email from the contact form. Please check the following issue with your WordPress SEO plugin and if that is actually a vulnerability in the latest update.



    • Joost de Valk
      By Joost de Valk on 10 December, 2012

      It’s nonsense. It’s a theme vulnerability possibly, but not related to my plugin as everywhere the plugin uses the search query, it uses it escaped.

  10. Bamajr
    By Bamajr on 10 December, 2012

    Joost de Valk – Hey, great job addressing the issues as soon as possible. I’m a fan of your plugin and of the work you and your team do. For me, your plugin, development & support process is an example of how all WordPress plugins should be managed. Personally, I judge all other plugins by how they compare to your development/support process. Most do not meet such high expectations, especially when dealing with “quick fix” items, such as this issue.

    I wanted to add that after updating your plugin to version 1.3.0, I started having all kinds of weird functionality issues, within the WordPress Admin pages. Things like: 1) Changes in widget content and/or widget order not being applied to live website. 2) Plugin area only displaying a partial list of plugins. 3) Admin pages taking a long time to load.

    I know you and your team put a lot of effort into this plugin, so I don’t usually fault your plugin for the issues and usually find it is an issue with another plugin. In this case, there was another plugin… SendPress. However, SendPress and WordPress SEO were working together fine, until I updated to version 1.3.0 of your WordPress SEO plugin. When things started acting weird, through process of elimination, I found out that deactivating SendPress stopped these problems and the problems return when I reactivate SendPress.

    I find SendPress to be a very useful plugin, but find that it often has issues, which its development team cannot explain. It recently caused a major issue on my website, which forced me to basically re-create my website, from scratch. I wouldn’t usually give a plugin like that another chance, but its potential value made me try it one more time.

    To the point: I know your plugin tracks the various other plugins which are being used alongside WordPress SEO. I have elected to allow that tracking on my website, and have allowed it since you first introduced that feature. So, my questions are: 1) Have you seen this type of erratic behavior with SendPress before? 2) What is so much different about WordPress SEO version 1.3.0 – which could possibly interfere with the normal functionality of SendPress?

    P.S. I know this isn’t a support forum, but I thought others who read your posts may have experienced similar issues with SendPress or other Plugins. I also thought there may be a quick and easy answer as to what could have happened by updating to WordPress SEO version 1.3.0, which could have triggered this.

    • Joost de Valk
      By Joost de Valk on 10 December, 2012

      Hey, haven’t seen the issue with SendPress before but it doesn’t appear to be very popular either. I’m tracking over half a million sites now, and SendPress doesn’t make the top 500 of most popular plugins on those…

      • Bamajr
        By Bamajr on 10 December, 2012

        Thanks for responding about SendPress Joost. I didn’t figure SendPress was a very popular plugin, yet. Though, I anticipate it will gain some strength once people figure out what it actually does, how advantageous it is and the developers take a serious look at how it interacts with WordPress and popular WordPress Plugins. I’m not affiliated with the plugin, whatsoever, but I can see the benefit of that plugin working seamlessly with yours.

  11. Andy - Tenerife
    By Andy - Tenerife on 8 December, 2012

    I have had good experiences with Sucuri too after the server my sites were on was hacked. I now have their WP plugin installed on my sites and have taken out a yearly monitoring subscription – well worth the money!

  12. Stefan
    By Stefan on 8 December, 2012

    Thanks and keep up the good work.

  13. Nayan Majumder
    By Nayan Majumder on 8 December, 2012

    Yes. After updating XML is not working. Please fix it.

  14. Anthony Zazo
    By Anthony Zazo on 7 December, 2012

    Hello, it seems that the XML sitemap functionality of the SEO plugin is not working? Not sure if it happened with this update, but I just happened to be checking my XML sitemaps after this update and they are coming through as 404 errors.

  15. Bamajr
    By Bamajr on 7 December, 2012

    Yoast, your update, today, is rendering HTML to the screen as text, within the settings screens of your plugin… multiple pages.

    • Joost de Valk
      By Joost de Valk on 8 December, 2012

      Fixed in 1.3.1 :)

    • leo
      By leo on 8 December, 2012

      Yes, experience this too, something like Improve your Site! is shown, along with other similar links.

    • Weboxeur
      By Weboxeur on 8 December, 2012

      Same here. The update just messed it up.

  16. Dan
    By Dan on 7 December, 2012

    Thank you very much, Joost! I am a big believer in paid plugins and I look forward to your Local SEO plugin for WordPress. I will happily pay for it!
